Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS212416.roa
File:                     AS212416.roa (raw, json)
Hash identifier:          6WZybju32myBvd/ptTCZ6Z/vM/Pox9vZxzu9ErUMvAA=
Subject key identifier:   0A:A8:FC:D1:70:48:59:7D:03:6E:2B:65:9F:07:54:14:CB:B7:DE:13
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6FC8690ACC43C7A127EC9D73778A5D4CF5B158A7
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS212416.roa
Signing time:             Sun 27 Oct 2024 18:25:50 +0000
ROA not before:           Sun 27 Oct 2024 18:20:50 +0000
ROA not after:            Sun 26 Oct 2025 18:25:50 +0000
asID:                     212416
IP address blocks:        45.157.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:c8:69:0a:cc:43:c7:a1:27:ec:9d:73:77:8a:5d:4c:f5:b1:58:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 27 18:20:50 2024 GMT
            Not After : Oct 26 18:25:50 2025 GMT
        Subject: CN=0AA8FCD17048597D036E2B659F075414CBB7DE13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:62:b5:38:2f:79:25:d7:f7:20:23:32:51:86:
                    ee:01:4f:d4:0c:c5:be:d8:d1:86:06:71:eb:74:ea:
                    4a:80:ed:aa:4c:86:13:0a:11:60:fe:70:73:6d:7b:
                    21:bf:2d:da:24:55:0e:a0:5b:05:29:2d:6d:20:41:
                    03:5f:3b:0d:cf:49:ad:99:82:81:32:ab:99:cc:37:
                    22:f7:6b:44:40:07:b2:15:ad:4f:5d:3e:59:d9:29:
                    e4:4e:98:4f:31:1b:3e:62:5e:d1:e9:16:f8:ee:27:
                    f3:8d:f9:de:0c:86:1c:95:0a:f7:de:42:d3:00:85:
                    cd:15:3f:2f:66:73:3b:32:8a:72:6e:a6:fc:c6:b0:
                    84:78:e7:3b:67:e2:4b:cc:a1:57:65:c1:c9:6f:e8:
                    85:d5:5e:75:5d:87:39:f1:77:7d:ce:ca:04:8c:0c:
                    21:f0:f7:5a:58:b4:45:0a:6b:e2:4d:17:d2:d6:28:
                    f7:f2:71:72:93:29:ff:e9:f1:89:3f:d5:3d:ce:39:
                    ae:ba:98:50:8a:a7:b6:9c:e5:b1:fd:5f:ad:aa:82:
                    6b:d8:f2:44:3d:e2:0b:7e:ad:fd:07:a4:d2:fd:06:
                    56:4c:66:ba:45:c4:b5:15:bc:9f:54:88:a3:c8:f9:
                    29:bf:80:bf:14:31:27:e0:ee:5d:b7:ee:14:4f:0a:
                    6b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:A8:FC:D1:70:48:59:7D:03:6E:2B:65:9F:07:54:14:CB:B7:DE:13
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS212416.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:5c:a6:f3:46:c3:9b:95:ce:5f:e2:c3:7e:37:4d:a0:b3:8a:
         43:ea:dc:5b:0a:77:9f:c1:b5:96:fe:5f:17:93:d5:c2:73:5d:
         a1:67:73:87:02:fe:33:d3:d4:8b:a9:fa:ce:05:64:09:91:13:
         8b:9a:07:45:7e:1f:d3:37:b3:c0:57:d9:fe:3a:cd:b1:66:4e:
         cf:2a:d5:d7:7b:0a:4b:f3:b1:f1:bf:ab:ef:d6:9a:ea:df:40:
         a6:85:d9:08:be:63:34:2b:5d:5a:22:3d:18:7d:ef:86:6c:6b:
         5d:cf:ed:f4:e1:ab:c0:61:4a:c7:92:98:2b:98:08:04:b9:25:
         f4:a2:f9:e7:47:eb:ab:5c:95:72:15:76:d1:76:78:36:34:7f:
         de:f8:31:56:25:55:9d:29:6b:a0:98:94:46:cf:92:74:cc:fc:
         28:c5:b6:4c:cb:2c:e5:6b:bb:3e:83:95:d1:91:8c:25:18:c5:
         be:fc:ba:69:b3:26:49:01:09:35:06:bc:f0:c0:71:6a:91:37:
         ec:38:56:03:93:85:79:91:48:0f:ce:7a:c5:f0:32:87:d4:62:
         9e:ac:cd:02:af:aa:4a:c3:48:a2:74:98:4d:76:eb:1b:51:79:
         c0:1a:25:b4:29:d5:33:be:8c:94:f1:37:74:af:e2:e5:f6:0d:
         5b:99:e0:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUb8hpCsxDx6En7J1zd4pdTPWxWKcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDEwMjcxODIwNTBaFw0yNTEwMjYxODI1NTBaMDMxMTAvBgNV
BAMTKDBBQThGQ0QxNzA0ODU5N0QwMzZFMkI2NTlGMDc1NDE0Q0JCN0RFMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvYrU4L3kl1/cgIzJRhu4BT9QM
xb7Y0YYGcet06kqA7apMhhMKEWD+cHNteyG/LdokVQ6gWwUpLW0gQQNfOw3PSa2Z
goEyq5nMNyL3a0RAB7IVrU9dPlnZKeROmE8xGz5iXtHpFvjuJ/ON+d4MhhyVCvfe
QtMAhc0VPy9mczsyinJupvzGsIR45ztn4kvMoVdlwclv6IXVXnVdhznxd33OygSM
DCHw91pYtEUKa+JNF9LWKPfycXKTKf/p8Yk/1T3OOa66mFCKp7ac5bH9X62qgmvY
8kQ94gt+rf0HpNL9BlZMZrpFxLUVvJ9UiKPI+Sm/gL8UMSfg7l237hRPCmsXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCqj80XBIWX0DbitlnwdUFMu33hMwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjEyNDE2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ0S
MA0GCSqGSIb3DQEBCwUAA4IBAQAyXKbzRsOblc5f4sN+N02gs4pD6txbCnefwbWW
/l8Xk9XCc12hZ3OHAv4z09SLqfrOBWQJkROLmgdFfh/TN7PAV9n+Os2xZk7PKtXX
ewpL87Hxv6vv1prq30CmhdkIvmM0K11aIj0Yfe+GbGtdz+304avAYUrHkpgrmAgE
uSX0ovnnR+urXJVyFXbRdng2NH/e+DFWJVWdKWugmJRGz5J0zPwoxbZMyyzla7s+
g5XRkYwlGMW+/LppsyZJAQk1BrzwwHFqkTfsOFYDk4V5kUgPznrF8DKH1GKerM0C
r6pKw0iidJhNdusbUXnAGiW0KdUzvoyU8Td0r+Ll9g1bmeD9
-----END CERTIFICATE-----